quiz

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the readwise CLI (e.g., readwise list, readwise read, readwise search) to interact with the Readwise service. These commands are legitimate tools provided by the vendor 'readwiseio' to facilitate document retrieval.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external document content and highlights fetched via Readwise tools. This creates an attack surface for indirect prompt injection if the source documents contain malicious instructions.
      1. Ingestion points: mcp__readwise__reader_get_document_details, mcp__readwise__reader_get_document_highlights, and CLI read outputs.
      2. Boundary markers: No explicit delimiters or warnings are defined in the instructions for the ingested content.
      3. Capability inventory: Executes CLI commands and reads a local reader_persona.md file.
      4. Sanitization: No explicit sanitization or filtering is described for the retrieved document content.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 01:16 AM